<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="zh-cn" xml:lang="zh-cn">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="DC.Type" content="topic">
  <meta name="DC.Title" content="步骤5：（可选）开启备份链路加密开关">
  <meta name="product" content="">
  <meta name="DC.Relation" scheme="URI" content="dameng-00009.html">
  <meta name="prodname" content="">
  <meta name="version" content="">
  <meta name="brand" content="30-OceanProtect 备份一体机 1.5.0-1.6.0 帮助中心">
  <meta name="DC.Publisher" content="20240320">
  <meta name="prodname" content="csbs">
  <meta name="documenttype" content="usermanual">
  <meta name="DC.Format" content="XHTML">
  <meta name="DC.Identifier" content="dameng-00014">
  <meta name="DC.Language" content="zh-cn">
  <link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
  <title>步骤5：（可选）开启备份链路加密开关</title>
 </head>
 <body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px">
  <a name="dameng-00014"></a><a name="dameng-00014"></a>
  <h1 class="topictitle1">步骤5：（可选）开启备份链路加密开关</h1>
  <div>
   <p>您需要开启备份链路加密开关，备份链路加密功能才会生效。</p>
   <div class="section">
    <h4 class="sectiontitle">前提条件</h4>
    <p>请确保已为存储系统配置NFS Kerberos服务，并已在AD域中添加rdadmin用户和安装数据库时使用的操作系统用户。可联系应用管理员获取操作系统用户名和ID。否则开启备份链路加密开关后，可能导致备份任务失败。<span>配置NFS Kerberos服务的操作请参见产品对应型号的<span id="dameng-00014__zh-cn_topic_0000001839143225_cite5907115716400">《安装指南》</span>中的“（可选）配置NFS Kerberos服务”章节。</span></p>
   </div>
   <div class="section">
    <h4 class="sectiontitle">注意事项</h4>
    <p id="dameng-00014__zh-cn_topic_0000001839143225_p1854315715349">开启备份链路加密后，代理主机与KDC域服务器之间的票证存在有效期，票证过期之后可能导致备份任务失败。建议延长KDC域服务器上Kerberos策略中票证的过期时间或者配置为永不过期。如果未配置永不过期，需要在票证即将过期前，在代理主机上，对添加到AD域中的用户，通过<strong id="dameng-00014__zh-cn_topic_0000001839143225_b3195122210175">kinit</strong>命令或<strong id="dameng-00014__zh-cn_topic_0000001839143225_b185942242179">net</strong>命令重新获取票证，具体操作请参见产品对应型号的<span id="dameng-00014__zh-cn_topic_0000001839143225_cite890601917412">《安装指南》</span>中的“配置客户端”章节。</p>
   </div>
   <div class="section">
    <h4 class="sectiontitle">创建UNIX本地认证用户组</h4>
    <p>开启备份链路加密前，如果当前环境未加入域环境，需要将用户组添加到本地认证用户组。<span>不同的存储设备操作可能有差异。</span></p>
    <ol>
     <li><span>登录DeviceManager。</span><p></p>
      <ol type="a">
       <li id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_zh-cn_topic_0000001311295305_zh-cn_topic_0000001149078659_li929117916361">选择<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_zh-cn_topic_0000001311295305_zh-cn_topic_0000001149078659_uicontrol1098185683619">“<span id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_text157651936143415">系统</span> &gt; <span id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_text49601653123416">基础设施</span> &gt; <span id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_text112401684352">集群管理</span>”</span>。</li>
       <li id="dameng-00014__zh-cn_topic_0000001656571657_li19932939164117">在<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_uicontrol13691645105219">“<span id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_text1763193125313">备份集群</span>”</span>页签的<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_uicontrol1050641575312">“<span id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_text133861121163513">本地集群节点</span>”</span>区域，单击节点名称。</li>
       <li id="dameng-00014__zh-cn_topic_0000001656571657_li1115217015589">在弹出的<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_uicontrol1144724616332">“<span id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_text51761646203516">节点详情</span>”</span>对话框中，单击<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_uicontrol1544714611335">“<span id="dameng-00014__zh-cn_topic_0000001656571657_zh-cn_topic_0000001607531760_text1624910583612">打开设备管理</span>”</span>，进入DeviceManager。</li>
      </ol> <p></p></li>
     <li><span>选择<span class="uicontrol">“服务 &gt; 文件服务 &gt; 认证用户”</span>。</span></li>
     <li><span>在<span class="uicontrol">“UNIX用户”</span>页签下选择<span class="uicontrol">“本地认证用户组”</span>。</span></li>
     <li><span>单击<span class="uicontrol">“创建”</span>。</span></li>
     <li><span>配置UNIX本地认证用户组信息。</span><p></p>
      <ul>
       <li>名称：数据库安装用户所属组。可在数据库主机执行<strong>cat /etc/group</strong>命令查看数据库安装用户所属组。</li>
       <li>ID：在数据库主机执行<strong>cat /etc/group</strong>命令查看所属组对应的ID。</li>
      </ul> <p></p></li>
     <li><span>单击<span class="uicontrol">“确定”</span>。</span></li>
    </ol>
    <p></p>
    <p></p>
   </div>
   <div class="section">
    <h4 class="sectiontitle">操作步骤</h4>
    <ol>
     <li><span>选择<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001839143225_zh-cn_topic_0000001102065552_zh-cn_topic_0000001085869992_zh-cn_topic_0000001092505479_uicontrol123381932135316">“<span id="dameng-00014__zh-cn_topic_0000001839143225_zh-cn_topic_0000001102065552_zh-cn_topic_0000001085869992_zh-cn_topic_0000001092505479_text113848306235"><span id="dameng-00014__zh-cn_topic_0000001839143225_zh-cn_topic_0000001102065552_text8949174614917">系统</span></span> &gt; <span id="dameng-00014__zh-cn_topic_0000001839143225_zh-cn_topic_0000001102065552_zh-cn_topic_0000001085869992_text484521122916"><span id="dameng-00014__zh-cn_topic_0000001839143225_zh-cn_topic_0000001102065552_text2943115917492">安全</span></span> &gt; <span id="dameng-00014__zh-cn_topic_0000001839143225_text6472734351">数据安全</span>”</span>。</span></li>
     <li><span>在“加密设置”区域，单击页面右侧的<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001839143225_uicontrol851575420436">“<span id="dameng-00014__zh-cn_topic_0000001839143225_text2172104153514">修改</span>”</span>，开启<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001839143225_uicontrol13743170204412">“<span id="dameng-00014__zh-cn_topic_0000001839143225_text451824814419">备份链路加密</span>”</span>。</span></li>
     <li><span>单击<span class="uicontrol" id="dameng-00014__zh-cn_topic_0000001839143225_uicontrol1839019167443">“<span id="dameng-00014__zh-cn_topic_0000001839143225_text1418318566358">保存</span>”</span>。</span></li>
    </ol>
   </div>
  </div>
  <div>
   <div class="familylinks">
    <div class="parentlink">
     <strong>父主题：</strong> <a href="dameng-00009.html">备份Dameng</a>
    </div>
   </div>
  </div>
 </body>
</html>